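---
# Pre-exchange setup for the three Challenger (KYC) backends: SMS, email and
# postal. Each backend gets its own system user/group, config file, database,
# client credentials registered with the exchange, and a systemd unit that is
# then fronted by nginx with a Let's Encrypt certificate.

- name: Populate service facts
  ansible.builtin.service_facts:

# NOTE(review): unlike the three per-backend stop tasks below, this one is not
# guarded on `services`; on a host where the unit does not exist yet (first
# run, before the apt task) it may fail — confirm.
- name: Ensure default challenger service is stopped
  ansible.builtin.systemd:
    name: challenger-httpd
    state: stopped
    enabled: false

# NOTE(review): `services` (from service_facts) is keyed by unit name, e.g.
# `sms-challenger.service`, not by description text; confirm that the three
# conditions below can ever match.
- name: Ensure SMS challenger service is stopped before we upgrade
  ansible.builtin.systemd:
    name: sms-challenger
    state: stopped
    enabled: false
  when: "'SMS Challenger backend' in services"

- name: Ensure email challenger service is stopped before we upgrade
  ansible.builtin.systemd:
    name: email-challenger
    state: stopped
    enabled: false
  when: "'Email Challenger backend' in services"

- name: Ensure postal challenger service is stopped before we upgrade
  ansible.builtin.systemd:
    name: postal-challenger
    state: stopped
    enabled: false
  when: "'Postal Challenger backend' in services"

- name: Install Challenger packages (and dependencies)
  ansible.builtin.apt:
    name:
      - challenger-httpd
      - texlive-latex-base  # for pdflatex of the postal challenger
      - texlive-latex-recommended  # for the scrlttr2.cls
    state: latest
  when: ansible_os_family == 'Debian'

# One unprivileged system account per backend so that each service only reads
# its own config/env files (group-owned, mode 0640, see below).
- name: Ensure group "challenger-sms" exists
  ansible.builtin.group:
    name: challenger-sms
    state: present

- name: Ensure user "challenger-sms" exists
  ansible.builtin.user:
    name: challenger-sms
    group: challenger-sms
    # Quoted on purpose: a bare `!` is a YAML tag indicator and parses as an
    # empty string, not as the `!` locked-password marker intended here.
    password: '!'
    system: true
    state: present

- name: Ensure group "challenger-postal" exists
  ansible.builtin.group:
    name: challenger-postal
    state: present

- name: Ensure user "challenger-postal" exists
  ansible.builtin.user:
    name: challenger-postal
    group: challenger-postal
    # Quoted: `!` (locked password), not the YAML tag indicator.
    password: '!'
    system: true
    state: present

- name: Ensure group "challenger-email" exists
  ansible.builtin.group:
    name: challenger-email
    state: present

- name: Ensure user "challenger-email" exists
  ansible.builtin.user:
    name: challenger-email
    group: challenger-email
    # Quoted: `!` (locked password), not the YAML tag indicator.
    password: '!'
    system: true
    state: present

# facts.d holds the generated client secrets/ids as local facts; root-only.
- name: Ensure Ansible facts directory exists
  ansible.builtin.file:
    path: "/etc/ansible/facts.d/"
    state: directory
    owner: root
    group: root
    mode: "0700"

- name: Ensure /etc/taler-exchange/secrets directory exists
  ansible.builtin.file:
    path: "/etc/taler-exchange/secrets"
    state: directory
    owner: root
    group: root
    mode: "0755"

# Each secret is generated once; `creates:` keeps these tasks idempotent.
- name: Secret setup for sms-challenger
  ansible.builtin.command:
    argv:
      - setup-secret-fact
      - /etc/ansible/facts.d/sms-challenger-client-secret.fact
      - "secret-token:"
    creates: /etc/ansible/facts.d/sms-challenger-client-secret.fact
  # NOTE(review): `local_facts` is not the `ansible_local` namespace used later
  # in this file, and the email/postal variants below rely on `creates:`
  # alone — confirm whether this extra guard is still needed.
  when: not local_facts['sms-challenger-client-secret'] is defined

- name: Secret setup for email-challenger
  ansible.builtin.command:
    argv:
      - setup-secret-fact
      - /etc/ansible/facts.d/email-challenger-client-secret.fact
      - "secret-token:"
    creates: /etc/ansible/facts.d/email-challenger-client-secret.fact

- name: Secret setup for postal-challenger
  ansible.builtin.command:
    argv:
      - setup-secret-fact
      - /etc/ansible/facts.d/postal-challenger-client-secret.fact
      - "secret-token:"
    creates: /etc/ansible/facts.d/postal-challenger-client-secret.fact

# Files in /etc/ansible/facts.d are exposed under the top-level `ansible_local`
# fact; `filter` matches top-level fact names, so filtering on the individual
# .fact file names would regather nothing.
- name: Force ansible to regather just created fact(s) about challenger
  ansible.builtin.setup:
    filter: ansible_local

# Configs are root-owned and group-readable by the respective service user only.
- name: Place SMS challenger config
  ansible.builtin.template:
    src: templates/etc/challenger/challenger-sms.conf.j2
    dest: "/etc/challenger/challenger-sms.conf"
    owner: root
    group: challenger-sms
    mode: "0640"

- name: Place Postal challenger config
  ansible.builtin.template:
    src: templates/etc/challenger/challenger-postal.conf.j2
    dest: "/etc/challenger/challenger-postal.conf"
    owner: root
    group: challenger-postal
    mode: "0640"

- name: Place email challenger config
  ansible.builtin.template:
    src: templates/etc/challenger/challenger-email.conf.j2
    dest: "/etc/challenger/challenger-email.conf"
    owner: root
    group: challenger-email
    mode: "0640"

- name: Place SMS challenger environment data
  ansible.builtin.template:
    src: templates/etc/challenger/sms-challenger.env.j2
    dest: /etc/challenger/sms-challenger.env
    owner: root
    group: challenger-sms
    mode: "0640"

- name: Place postal challenger environment data
  ansible.builtin.template:
    src: templates/etc/challenger/postal-challenger.env.j2
    dest: /etc/challenger/postal-challenger.env
    owner: root
    group: challenger-postal
    mode: "0640"

# NOTE(review): the three dbconfig tasks have no `creates:`/`changed_when:`,
# so they run and report "changed" on every play — confirm challenger-dbconfig
# is safe to rerun.
- name: Setup SMS Challenger database
  ansible.builtin.command:
    cmd: challenger-dbconfig -c /etc/challenger/challenger-sms.conf -u challenger-sms -n challenger-sms
    chdir: /tmp

- name: Setup Postal Challenger database
  ansible.builtin.command:
    cmd: challenger-dbconfig -c /etc/challenger/challenger-postal.conf -u challenger-postal -n challenger-postal
    chdir: /tmp

- name: Setup email Challenger database
  ansible.builtin.command:
    cmd: challenger-dbconfig -c /etc/challenger/challenger-email.conf -u challenger-email -n challenger-email
    chdir: /tmp

# Full fact regather so `ansible_local[...]` secrets are available below.
- name: Force ansible to regather newly created fact(s) about the challengers
  ansible.builtin.setup:

# Registers each backend as a client of the exchange; the resulting client id
# is stored as a local fact, so `creates:` guards repeated runs.
- name: Setup SMS Challenger exchange account
  ansible.builtin.command:
    argv:
      - setup-challenger-client-id-fact
      - /etc/ansible/facts.d/sms-challenger-client-id.fact
      - challenger-sms
      - /etc/challenger/challenger-sms.conf
      - "{{ ansible_local['sms-challenger-client-secret'] }}"
      - "{{ EXCHANGE_BASE_URL }}kyc-proof/sms-challenger"
    creates: /etc/ansible/facts.d/sms-challenger-client-id.fact

- name: Setup Email Challenger exchange account
  ansible.builtin.command:
    argv:
      - setup-challenger-client-id-fact
      - /etc/ansible/facts.d/email-challenger-client-id.fact
      - challenger-email
      - /etc/challenger/challenger-email.conf
      - "{{ ansible_local['email-challenger-client-secret'] }}"
      - "{{ EXCHANGE_BASE_URL }}kyc-proof/email-challenger"
    creates: /etc/ansible/facts.d/email-challenger-client-id.fact

- name: Setup Postal Challenger exchange account
  ansible.builtin.command:
    argv:
      - setup-challenger-client-id-fact
      - /etc/ansible/facts.d/postal-challenger-client-id.fact
      - challenger-postal
      - /etc/challenger/challenger-postal.conf
      - "{{ ansible_local['postal-challenger-client-secret'] }}"
      - "{{ EXCHANGE_BASE_URL }}kyc-proof/postal-challenger"
    creates: /etc/ansible/facts.d/postal-challenger-client-id.fact

- name: Force ansible to regather fact(s) just created about the challengers
  ansible.builtin.setup:

- name: Place sms-challenger systemd service file
  ansible.builtin.copy:
    src: etc/systemd/system/sms-challenger-httpd.service
    dest: /etc/systemd/system/sms-challenger-httpd.service
    owner: root
    group: root
    mode: "0700"

# Log file is owned by the service user so it can append; `preserve` keeps
# `touch` from reporting a change on every run.
- name: Create file for sms-challenger logs
  ansible.builtin.file:
    path: /var/log/sms.log
    state: touch
    owner: challenger-sms
    group: root
    mode: "0664"
    modification_time: preserve
    access_time: preserve

# NOTE(review): the three message templates get no explicit owner/group/mode;
# confirm the resulting defaults are readable by the service users.
- name: Place postal message template
  ansible.builtin.copy:
    src: etc/challenger/postal-message-template.txt
    dest: /etc/challenger/postal-message-template.txt

- name: Place SMS message template
  ansible.builtin.copy:
    src: etc/challenger/sms-message-template.txt
    dest: /etc/challenger/sms-message-template.txt

- name: Place email message template
  ansible.builtin.copy:
    src: etc/challenger/email-message-template.txt
    dest: /etc/challenger/email-message-template.txt

- name: Place postal-challenger systemd service file
  ansible.builtin.copy:
    src: etc/systemd/system/postal-challenger-httpd.service
    dest: /etc/systemd/system/postal-challenger-httpd.service
    owner: root
    group: root
    mode: "0700"

- name: Place email-challenger systemd service file
  ansible.builtin.copy:
    src: etc/systemd/system/email-challenger-httpd.service
    dest: /etc/systemd/system/email-challenger-httpd.service
    # owner/group made explicit to match the other two unit files
    owner: root
    group: root
    mode: "0700"

# A single daemon_reload picks up all three unit files placed above.
- name: Ensure SMS challenger service is enabled and started
  ansible.builtin.systemd:
    daemon_reload: true
    name: sms-challenger-httpd
    state: started
    enabled: true

- name: Ensure email challenger service is enabled and started
  ansible.builtin.systemd:
    name: email-challenger-httpd
    state: started
    enabled: true

- name: Ensure postal challenger service is enabled and started
  ansible.builtin.systemd:
    name: postal-challenger-httpd
    state: started
    enabled: true

- name: Generate challenger nginx configuration files (tls config)
  ansible.builtin.template:
    src: templates/etc/nginx/conf.d/challenger-tls.conf.inc
    dest: /etc/nginx/conf.d/challenger-tls.conf.inc
    owner: root
    group: root
    mode: "0644"

- name: Generate challenger nginx configuration files
  ansible.builtin.template:
    src: templates/etc/nginx/sites-available/{{ item }}.j2
    dest: /etc/nginx/sites-available/{{ item }}
    owner: root
    group: root
    mode: "0644"
  loop:
    - sms-challenger-nginx.conf
    - sms-challenger-http.conf
    - email-challenger-nginx.conf
    - email-challenger-http.conf
    - postal-challenger-nginx.conf
    - postal-challenger-http.conf

- name: Secure the challenger sites with Letsencrypt
  ansible.builtin.include_role:
    name: cert
  vars:
    cert_name: challenger
    wanted_cert_domains:
      - "sms.challenger.{{ domain_name }}"
      - "email.challenger.{{ domain_name }}"
      - "postal.challenger.{{ domain_name }}"
    nginx_sites:
      - sms-challenger-nginx.conf
      - postal-challenger-nginx.conf
      - email-challenger-nginx.conf
      - sms-challenger-http.conf
      - postal-challenger-http.conf
      - email-challenger-http.conf

- name: Enable challenger reverse proxy configurations
  ansible.builtin.file:
    src: "/etc/nginx/sites-available/{{ item }}"
    dest: "/etc/nginx/sites-enabled/{{ item }}"
    state: link
  notify: Restart nginx
  loop:
    - sms-challenger-nginx.conf
    - postal-challenger-nginx.conf
    - email-challenger-nginx.conf
    - sms-challenger-http.conf
    - postal-challenger-http.conf
    - email-challenger-http.conf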